Hi,
On 12-01-18 17:48, Emmanuel Deloget wrote:
> The internal EVP_PKEY::pkey member is an union thus we need to check for
> the real key type before we can return the corresponding RSA, DSA or EC
> public key.
>
> Reported-by: Selva Nair <selva.n...@gmail.com>
> Signed-off-by: Emmanuel Deloget <log...@free.fr>
>
> diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
> index 70b19aea..8b29cdaf 100644
> --- a/src/openvpn/openssl_compat.h
> +++ b/src/openvpn/openssl_compat.h
> @@ -240,7 +240,7 @@ X509_OBJECT_get_type(const X509_OBJECT *obj)
> static inline RSA *
> EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
> {
> - return pkey ? pkey->pkey.rsa : NULL;
> + return (pkey && pkey->type == EVP_PKEY_RSA) ? pkey->pkey.rsa : NULL;
> }
> #endif
>
> @@ -254,7 +254,7 @@ EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
> static inline EC_KEY *
> EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
> {
> - return pkey ? pkey->pkey.ec : NULL;
> + return (pkey && pkey->type == EVP_PKEY_EC) ? pkey->pkey.ec : NULL;
> }
> #endif
>
> @@ -282,7 +282,7 @@ EVP_PKEY_id(const EVP_PKEY *pkey)
> static inline DSA *
> EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
> {
> - return pkey ? pkey->pkey.dsa : NULL;
> + return (pkey && pkey->type == EVP_PKEY_DSA) ? pkey->pkey.dsa : NULL;
> }
> #endif
>
>
Looks good and passes my tests.
Acked-by: Steffan Karger <stef...@karger.me>
-Steffan
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
